UPDATE 2: This article in the Guardian makes an excellent point: if WikiLeaks can get ahold of this material so easily, certainly a foreign government can just as easily. These are not secrets from anyone but us, the American public.

This was written by Iron Knee. Posted on Sunday, November 28, 2010, at 1:19 pm. Filed under Irony.

18 Comments

Hassan wrote:

I did not find anything truly damaging for the US and its real allies (Israel, UK). All those leaks just bad-mouth allies that can become non-allies anytime (Saudi, Pakistan, etc.).

I’m wondering how “secret” all of this really was. The idea that diplomats collect information about the officials in other countries does not strike me as shocking. That certain people were “bad-mouthed” is probably not a surprise even to the people in the countries that were dissed.

The only really interesting thing about this that I’ve heard so far was that everyone in the Middle East seems to be concerned about Iran. I see this as a kernel of hope around which peace talks and cooperation may grow.

While a lot of the reports may just seem like things that cause some awkward moments, there are some points that are a bit worrisome.

1 — Yemen has been covering for the U.S. I believe it was for drone strikes in Pakistan. Yemen has been claiming that they are ordering the strikes and the weapons are theirs, trying to convince the population of the Middle East that there is more international cooperation in the war on terror than there actually is. This may be more of just an embarrassment, but it doesn’t help our standing in the region when people realize that we’re letting another country take the blame for attacks that we launch.

2 — Saudi Arabia, Egypt, and others have repeatedly asked/urged the U.S. to bomb Iran. This will embolden Iran to push forward with their nuclear ambitions with renewed haste. After all, if you have a nuclear bomb, people don’t attack you. It can also be used by Ahmedinejad and the regime to show their citizens that they need to trust the current rulers, thereby cementing their power.

3 — North Korea. This is the one that I find the most troubling. Some of the reports (between South Korea and the U.S.) suggest that some South Korean officials have been in discussion with China regarding re-unification of the peninsula after the North collapses. Part of the reason that the North hasn’t gone on a complete suicide mission is because China has traditionally been able to reign in the regime. Now that the North has cause to believe that China no longer has their backs, they could become more belligerent in the hope of extracting concessions.

What will actually come of all of this is yet to be seen. But some of it is more than just idle gossip.

Regarding update 2, I disagree very adamantly. As a bit of background, I am about to get my Ph.D. in Computer Science with a focus on access control and trusted computing.

First, the author states, “Nor is the material classified top secret, being at a level that more than 3 million US government employees are cleared to see, and available on the defence department’s internal SIPRnet.” This demonstrates that he does not understand how information is actually classified. Having a clearance for “Secret” does not automatically mean you get access to every document at that level. Instead, documents are also tagged with category labels, further restricting access. So if you have access only to (Secret,{Nuclear,Europe}), that doesn’t give you access to a document labeled (Secret,{Nuclear,Asia}). So it is disingenuous to imply that all 3 million people have access to all secret data.

He also says, “Clearly, there is no longer such a thing as a safe electronic archive, whatever computing’s snake-oil salesmen claim. No organisation can treat digitised communication as confidential. An electronic secret is a contradiction in terms.” That’s a load of crap. There are plenty of ways to make a safe electronic archive. But if you use it in insecure ways, then you’re toast.

Let’s look back at how this information was leaked. Bradley Manning would put blank CDs into his work station and pretend that they were audio CDs. He’d put on headphones and pretend that he was singing along to add to the ruse. He would then burn the data onto the CD and walk out with it.

As a security specialist, I’m asking this: Why the hell is there a CD burner with burning software installed on a machine with access to SIPRnet? USB ports are disabled, because these are known sources of leakage. Want to stop Manning? Don’t install a CD burner. Don’t install the software to burn CDs. Log key events, such as copying data to any removable media, for f***’s sake! Add a separation-of-duty control, which requires a superior’s approval to start-up the CD burning software.

It’s not that the tools aren’t there. There are, in fact, VERY secure operating systems that can enforce VERY tight security constraints. The problem is that people only want to use a “secure” operating system if it’s called Windows, made by Microsoft, and is a piece of frickin’ crap. Regardless, if you loosen your security policies to make the system more usable and flexible, you’re going to have leaks. That’s not a shortcoming of the tools. It’s a shortcoming of the human users.

So, the interpretation that, “[I]f WikiLeaks can get a hold of this material so easily, certainly a foreign government can just as easily,” is a problematic claim. WikiLeaks only got this information because Manning betrayed his oath of service to his country. I can understand that he was disillusioned. If you recall, he was the one that leaked the “Collateral Murder” video. His motivation was apparently that he hoped these leaks would change U.S. policies. In order for a foreign government to get this type of information, they would have to turn such an insider into a traitor. Not impossible, but not easily done. And it could be made much more difficult if proper access control safeguards were put into place.

Finally, the author of the article claims, “Anything said or done in the name of a democracy is, prima facie, of public interest.” Baloney. Hogwash. Garbage. Bullshit.

Look, if the entire world were one big democracy and there were no violent people in the world, then, yeah, he’s got a point. But that ideal doesn’t exist. If there were a way to make things done in the name of a democracy public to only the citizens of that country, fine. But that’s impossible. The reason state secrets exist is, primarily, to keep that information out of the hands of foreign enemies. Yes, there are abuses. But this “Information wants to be free” ideal is so utterly naive that it’s not even funny.
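The label-dominance rule the comment above describes (a clearance grants access only when its level is at least the document's level and its category set contains every category on the document), as an added example that is not code from this thread or from any government system; the level ordering, the `(Level,{Cat,...})` label syntax and the read/write rules are assumptions, written as the standard Bell-LaPadula checks.

```python
import re
from dataclasses import dataclass, field

# Assumed linear ordering of sensitivity levels (constructed for this example).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A (level, categories) security label; the lattice element."""
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Higher-or-equal level AND a superset of the other's categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def parse_label(text: str) -> Label:
    """Parse the '(Secret,{Nuclear,Europe})' notation used in the comment."""
    m = re.fullmatch(r"\s*\(\s*([^,]+?)\s*,\s*\{([^}]*)\}\s*\)\s*", text)
    if not m or m.group(1) not in LEVELS:
        raise ValueError(f"malformed label: {text!r}")
    cats = frozenset(c.strip() for c in m.group(2).split(",") if c.strip())
    return Label(m.group(1), cats)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up; subject must dominate object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down; object must dominate subject."""
    return obj.dominates(subject)


if __name__ == "__main__":
    clearance = parse_label("(Secret,{Nuclear,Europe})")
    for doc in ("(Secret,{Nuclear,Asia})", "(Secret,{Nuclear})",
                "(Confidential,{Europe})", "(Top Secret,{Nuclear,Europe})"):
        label = parse_label(doc)
        print(f"{doc:32} read={can_read(clearance, label)!s:5} "
              f"write={can_write(clearance, label)}")
```

Note that a Secret clearance with the wrong category is refused exactly as the comment says, while the same clearance may still write into a Top Secret compartment that dominates it.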

The leaks that have come out so far number fewer than 300 (“Currently released so far… 226 / 251,287” sits at the top of the page under the hourglass logo), so chances are we haven’t seen anything too damaging.

Yet.

Obviously, if the government is doing damage control, they’re preparing for things they know will go wrong so they have to prepare for it. Even if it turns out to be somewhat rudimentary to us, it can have giant impacts on foreign relations (Calling Sarkozy an “emperor without clothes”, while somewhat insulting [personally I found it kind of funny] in the everyday term, is pretty harsh considering they’re one of our biggest allies in Europe).

As the rest of the documents come out over the next few months, look for somewhat embarrassing moments as well as the mundane paranoia. That is, of course, barring the website’s blocking in the US, which brings me to a somewhat related point: 80-some-odd file-sharing sites were shut down by Kimba Wood’s court order today. The sites remain active; however, the page instead has a digital sign “hung” on it explaining why you can’t access the site and redirecting you to the court order. So we know the government has the ability to block websites by court order, and I won’t be surprised if they try the same thing with Wikileaks.

Apparently, this is the place where computer security PhDs hang out on the Internet. I have a PhD in computer science (focus on crypto & infosec), so as a fellow nerd I understand what you’re saying and I largely agree with your conclusions, except that I support the initial conclusion that if Manning can get his hands on this material, then so can foreign intelligence. It would take a single trojan on a SIPRNet PC – they’re all running Windows, like you said, and not nearly as air-gapped as you might hope – and the exposure could be tremendous. Ignoring compromised insiders with a clearance, what about lost laptops? When they’re lost, they don’t always get reported to the news media.

If proper access control safeguards are put in place, we can have a more secure environment, but having worked outside of academia in corporate infosec, I can say that security in the real world is triage. You have to pick your battles and you cannot “just say no” to everything that comes your way. No organization has the resources to lock everything down perfectly. Defending against Manning requires analyzing the systems with a different security model than defending the systems against foreign intelligence services. (Which you’ll find cables about in the Wikileaks collection, particularly fingering China.) In all likelihood, the IO folks in CENTCOM just don’t have the budget to put into place all of the wonderful things that we security pros tell them they need, no matter how much foot-stomping we do.

JH, thanks for the comments, and I agree with you to a certain extent. I’ve worked in industry (not in security at the time…), and I know that the number one risk is not getting the job done. In most environments (e.g., the corporate world), “good enough” security is fine. And yes, defending against insider threats does require a different model. But that’s how government agencies have always been set up. Separation of duty. Logging and audits.

However, I disagree with your threat analysis of SIPRnet. Even if there is a trojan, how is the data leaked? Once a machine (or removable storage device) has been connected to SIPRnet, it becomes labeled as secret and is never supposed to be connected to NIPRnet or the Internet after that point. This is somewhat easy to ensure, as these are supposed to be workstations in rooms that are protected by locks and big guys with big guns. The only machines that can be connected to both SIPRnet and NIPRnet are high-assurance routers (see Blacker for more info) that ensure all traffic to or from SIPRnet is encrypted. These routers also restrict traffic further, as you don’t want somebody just opening up an SSH tunnel. While DoD and CENTCOM may not have unlimited budgets, they do have great flexibility to place restrictions that no corporation would ever consider.

Regarding laptops, yeah, the stolen laptop problem was one of my original research motivations. There is actually a fairly easy solution to that: full-disk encryption. I would truly be shocked if DoD let laptops without FDE access SIPRnet.

By the way, WikiLeaks denies that they received this material from Manning. I will still claim that if WikiLeaks was able to get this material, then foreign governments can certainly get it just as easily. It has nothing to do with what is technically possible.

I think that WikiLeaks is on the right track in the sense that there are some things it might be worth knowing as American citizens. There are limits, of course, and I hope that the site isn’t preparing to release anything too damaging to the nation, but exercising our freedom, especially involving the flow of information, is vital to maintaining an effective media system.

NYT is taking a great direction with this, considering all other news sources are discussing the Fed investigations and censoring the documents:

SIPRNet is supposed to be all these things that you say, except as its size and complexity have increased, it’s doubtful whether it’s as tight as it used to be. Having done (industry) firewall audits, I can tell you for sure that nobody with a sufficiently large network is able to keep a handle on their rulesets as much as they’d like.

Frankly, if you can infiltrate code to a secure system, exfiltrating data out to less-secure systems (even automagically) is feasible. Regardless of their ability to clamp down “harder” than a corporation, I would argue that DoD personnel still have jobs to do – all over the place – and restricting their ability to do their job too much (whatever that means in a particular context) can jeopardize readiness.

FDE is nice, too, but there’s the “Evil Maid” attack and covering all mobile devices in large scale deployments can be tricky. Back to the “fallible human” hole in our security again.

I think we’ve gotten a bit afield of the original topic, so if you’d like to continue this conversation elsewhere, let me know how I can get a hold of you and we’ll do that. Otherwise, thanks to IK for the great site and I will go back to lurking.

Well said Starluna, it is quite an impressive bunch that visit this blog. That being said…

JH – I agree we can’t completely secure our “secure” networks, but I believe it’s more likely to fail because of the human factor than from an IT standpoint. What I mean is, even with compartmented info there are so many with access. While you can grant a 21-year-old a Secret or TS clearance, that does not mean they can’t be compromised. Infosec, when compromised, is more likely to be breached through trusted human sources than through remote mechanical means (bots, etc.). The other factor affecting security of the system is IT personnel, or the lack thereof. My unit deployed and we ran 3 locations separated by 80 miles. We had responsibility to maintain our local network, fine. I had no IT people besides myself, but because I was in charge I couldn’t devote all my time to working and training IT staff. When I inspected the network we had blue (NIPR) lines running to red (SIPR) boxes and vice versa. Obviously the previous unit didn’t have any IT people and they had wired the place. I conducted a 1-week training class with my commo guys and charged them with fixing the network and making it right. We also enlisted the help of our higher and they sent us an IT guy to assist/train our team.
For our forces in combat zones there are not enough IT civilians or military personnel to come close to doing things to stateside standards. You are correct that the simplest way to deny large amounts of data being stolen is to disable burners and USB ports. This won’t stop someone from photographing the screen, but we kept our SIPR box in our orderly room, which was occupied 24/7 by 2+ persons. Anyone needing to use the box had to do so in front of at least 2 others.

PGT: Totally agreed – users and limited resources are the two unavoidable gaps in every security system. Like I said before, deciding which battle to fight on which front (or security model) is the key to winning the war (or providing “good enough” security). There’s probably a Sun Tzu quote appropriate for this, but I’m too lazy right now to dig it up.